AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.

(partial cherry pick from commit 2eeda7286f)

Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
Kenny Root
2013-04-10 11:30:58 -07:00
committed by Kenny Root
parent 6fb172b12e
commit bf2147669e
9 changed files with 732 additions and 136 deletions


@@ -49,10 +49,7 @@ import java.security.spec.X509EncodedKeySpec;
*
* {@hide}
*/
@SuppressWarnings("deprecation")
public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
public static final String NAME = "AndroidKeyPairGenerator";
private android.security.KeyStore mKeyStore;
private AndroidKeyPairGeneratorSpec mSpec;
@@ -79,12 +76,21 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
"Must call initialize with an AndroidKeyPairGeneratorSpec first");
}
if (((mSpec.getFlags() & KeyStore.FLAG_ENCRYPTED) != 0)
&& (mKeyStore.state() != KeyStore.State.UNLOCKED)) {
throw new IllegalStateException(
"Android keystore must be in initialized and unlocked state "
+ "if encryption is required");
}
final String alias = mSpec.getKeystoreAlias();
Credentials.deleteAllTypesForAlias(mKeyStore, alias);
final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
mKeyStore.generate(privateKeyAlias);
if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mSpec.getFlags())) {
throw new IllegalStateException("could not generate key in keystore");
}
final PrivateKey privKey;
final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
@@ -131,7 +137,8 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
throw new IllegalStateException("Can't get encoding of certificate", e);
}
if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes)) {
if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF,
mSpec.getFlags())) {
Credentials.deleteAllTypesForAlias(mKeyStore, alias);
throw new IllegalStateException("Can't store certificate in AndroidKeyStore");
}
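Review bot: `mSpec.getFlags()` is read three separate times on the new side: in the unlocked-state check, in `mKeyStore.generate(...)`, and again in the certificate `put` in the last hunk. The guard and the two stores therefore agree only if the spec cannot change in between. Reading it once right after the null check, `final int flags = mSpec.getFlags();`, and passing `flags` to both calls guarantees the private key and its certificate get the same protection level. The method's Javadoc, which lies outside these hunks, should also say that `IllegalStateException` is now thrown when encryption is requested while the keystore is not `UNLOCKED`, and when key generation fails. Whether an unset flag means entries are stored without lockscreen-bound encryption by default is not visible here and is worth confirming in `AndroidKeyPairGeneratorSpec`.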